The Internet is a vast collection of interconnected computers, connected to a vast variety of resources (e.g., information, services, and data). Many of these resources are protected from unauthorized access. Numerous technologies exist around protecting resources such as firewalls, virtual private networks (VPN), application servers, cloud computing appliances, and/or other technologies.
Authorization may refer to a process of determining whether a user has a right to access a resource. Authentication may refer to a process of confirming that a user is actually is the person they claim to be. Authorization does not necessarily involve identification. However, in many forms of authorization, the user's identity is required. A common form of authentication relies on user-name and password. That is, the user claims an identity (e.g., via the user-name), and that identity is subsequently verified by matching the password that the user entered to a password previously stored in an authentication database and/or other memory. Of course, any person with knowledge of the username and password can potentially access protected resources.
Authentication can take many forms. By way of non-limiting example, forms of authentication may include something known (e.g., a secret password, your mother's birthday, and/or other knowledge), something possessed (e.g., a credit card, a cryptographic token, and/or other possessions), some physical feature (e.g., a facial feature, fingerprint, iris patterns, and/or other physical features). These items may sometimes be referred to as evidence of a claimed identity.
The term “biometric” comes from “bio,” indicating a reliance on a biological feature, and “metric,” which means measurement. As such, biometric literally means the measurement of a biological feature. Biometrics refers the overall field of study, industry, and use of biometric identification and/or verification. It relies on the idea that biological processes generally do not produce truly identical objects. For example, even identical twins are measurably different. By measuring a biological object with sufficient accuracy, it may therefore be possible to distinguish an individual from everyone else in the population.
Biometric verification may be called for to confirm the identity of an individual as part of the authentication process. Biometric verification may include sample acquisition, template extraction, a matching step, and/or other operations. According to some existing approaches, sample acquisition may include capturing an image and/or other sample of a feature of a person that a biometric system relies on. For instance, a fingerprint sensor may capture an image of the individual's finger. Iris recognition may begin by capturing an image(s) of a person's eye(s). Such images may require specialized conditions such as, for example, a specific light spectrum, angle of illumination, illumination intensity, projected illumination pattern, light polarization, and/or other conditions. Specialized cameras that collect biometric samples may be referred to as biometric sensors. In some existing approaches, a biometric sensor may include one or more other sensors, rather than or in addition to a camera.
Generally speaking, an extraction process may convert a biometric sample into an extracted feature set. Such a feature set may be referred to as a template. For example, a feature set may be extracted from an image of a fingerprint as minutia data, which is a list including a type, location, and orientation of individual fingerprint features within the overall fingerprint pattern. A template used for verification and/or identification may typically be extracted from a single biometric sample. A template used for enrollment may often be derived from several biometric samples and/or several biometric templates, all from the same biometric feature (e.g., the right index finger).
Existing matching processes generally may include aligning and/or comparing the extracted feature sets, typically between an enrolled exemplary template—an “exemplar”—stored in an authentication server's database, and a live biometric sample or template. The comparison may result in a score and/or other metric that represents the likelihood that the exemplar and the live biometric sample are from the same person. The biometric sample quality (e.g., image quality), biological statistics, score, and/or other factors may be combined to produce a confidence metric that the biometric sample came from the person the user claims to be.
Unfortunately, biometric features may be difficult to conceal or keep secret. For example, a biometric sample may be obtained from a latent fingerprint left on a coffee cup or a high resolution facial image. Whether used to enroll in a biometric system, or used to verify one's identity, once a biometric sample has been captured, any compromise to the security of how this data is handled may permanently place that biometric at large. Spoofing refers to the process of tricking a biometric sensor into acquiring a biometric sample from surrogate feature, prosthetic feature, and/or other non-legitimate source, rather than a real biometric feature.
In a supervised setting, it may be difficult to fake a biometric sample. For example, an individual will most likely fail to cash a check at a bank if they present someone else's driver's license as their own identification. With biometrics, a claimed identity may be verified by evidence that is merely an electronic representation of any real proof of identity. This might be viewed as analogous to handing a picture of the person on the driver's license to the bank teller when she tries to verify the identity of the check bearer.
In an unsupervised or remote setting, a biometric sample typically comes from a remote sensor. In many instances, the biometric sample may include an image and/or other information that is transferred to the authentication system. Ideally, a remote biometric sensor may be trusted to produce a real biometric sample, such that the biometric sample can be tested and confirmed to, in fact, be from the person requesting access. In a setting such as an ATM, for example, any sensors are typically physically protected and communications with them are cryptographically protected and/or verified. This is not generally the case, however, in a setting such as a web browser running on a remote computer.
Without a trusted, verifiable source, a biometric sample and/or template may have come from anywhere. The simplest attack on some existing systems may be referred to as a “replay attack,” which uses evidence or credentials from a prior legitimate transaction to enable a later illegitimate transaction. In the case of biometrics, a common replay attack completely eliminates or bypasses the biometric sensor. When the authentication process requests biometric evidence, the bad actor simply submits a sample that was collected by some other means (e.g., a fingerprint lifted off of a coffee cup or a biometric sample submitted as part of another (legitimate) transaction). Widespread use of biometric verification may portend a world where biometric exemplars are stolen and traded by criminals, just like stolen credit card numbers are marketed today.
Existing systems may be prone to other types off attacks. One such type of attack may be referred to as a “piggy-back.” In this case, the bad actor copies biometric evidence and simultaneously submits the biometric evidence to enable a second illegitimate transaction. Another type of attack may be referred to as “hijacking,” which may be viewed as analogous to what is known as “phishing.” In this attack, the user perceives a legitimate transaction and responds by producing a real biometric sample. However the perceived transaction and the actual transaction may be different.
Many of the existing mechanisms meant to protect and enhance users' resources, firewalls, and/or virtual addresses may create problems. For example, a typical means of establishing trust in a biometric sample is to establish control over, and therefore trust in, the biometric sensor. However, this may require establishment of a one-to-one connection between the authentication server and the biometric sensor. This can be both impractical and undesirable because it may require substantial setup, which prevents spontaneous connections, and potentially opens service ports that may be exploited by a bad actor.